YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 1eced7586b37bb403fd0f7d3cf8d408c4f021f0fcd36110bc4d15619985f59e5.

SHA256 hash:	1eced7586b37bb403fd0f7d3cf8d408c4f021f0fcd36110bc4d15619985f59e5
File size:	1'303'040 bytes
File download:	Original
MIME type:	application/x-dosexec
MD5 hash:	01b2c5964a00517219a19af2e2a049c1
SHA1 hash:	6e144730f826b412fad89282a1f47512ef18b4d0
SHA3-384 hash:	af9900d33bc36f6d1a1955e359549341d14d1258bb5f513334704756e9239d6a4f3fe66f55be815bd2b49baf1b6716f0
First seen:	2026-04-02 15:48:08 UTC
Last seen:	Never
Sightings:	1
imphash :	d1dc93f619af09bce194bf3abe90cef4 Create hunting rule
ssdeep :	24576:6KdZ6Z7MfaoX0vyTZXuvKGCD/29ervCRMK8aEji8:lsoE6dXuovjaEjP
TLSH :	n/a
telfhash :	n/a
gimphash :	n/a
dhash icon :	e0a09898a2d3cc0c Create hunting rule

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

The file matched the following open source and commercial ClamAV rules.

No matches

The following YARA rules matched on the file (static analysis).

Rule name:	Check_Debugger Create hunting rule
TLP:	TLP:WHITE
Repository:

Rule name:	Check_OutputDebugStringA_iat Create hunting rule
TLP:	TLP:WHITE
Repository:

Rule name:	Check_Qemu_Description Create hunting rule
TLP:	TLP:WHITE
Repository:

Rule name:	Check_VBox_Description Create hunting rule
TLP:	TLP:WHITE
Repository:

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	DebuggerCheck__QueryInfo Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	DebuggerCheck__RemoteAPI Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	DetectEncryptedVariants Create hunting rule
Author:	Zinyth
Description:	Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	FreddyBearDropper Create hunting rule
Author:	Dwarozh Hoshiar
Description:	Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	INDICATOR_SUSPICIOUS_References_SecTools Create hunting rule
Author:	ditekSHen
Description:	Detects executables referencing many IR and analysis tools
TLP:	TLP:WHITE
Repository:	diˈtekSHən

Rule name:	meth_stackstrings Create hunting rule
Author:	Willi Ballenthin
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	pe_detect_tls_callbacks Create hunting rule
Author:
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	RANSOMWARE Create hunting rule
Author:	ToroGuitar
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	VECT_Ransomware Create hunting rule
Author:	Mustafa Bakhit
Description:	Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	vmdetect Create hunting rule
Author:	nex
Description:	Possibly employs anti-virtualization techniques
TLP:	TLP:WHITE
Repository:

The following YARA rules matched on the unpacked file.

Disabled by submitter

The following files could be unpacked from this sample.

Disabled by submitter

2026-04-02 15:48:08 UTC Static: 16 Unpacker: 0 ClamAV: 0